Home/ Questions/Q 6177401
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T00:16:04+00:00

If one must load and parse an XML resource from a user/PW-protected URL you

  • 0

If one must load and parse an XML resource from a user/PW-protected URL you cannot just use an MSXML DOM.Load() as far as I can tell. There is no place to specify the credentials.

Yet if you use XMLHTTPRequest to obtain and parse the resource into a DOM (via its .responseXML property) you have nowhere to specify a value for the .resolveExternals property.

This more or less works out when you use MSXML 3, 4, (or even 5) where it defaults to True, however in MSXML 6 it defaults to False:

resolveExternals Property:

In MSXML 3.0, MSXML 4.0, and MSXML 5.0 the default resolveExternals
value is True. In MSXML 6.0, the default setting is False.

If this property is set to False, no external includes and imports
will be resolved.

Is there a way around this that I am not seeing? Normally I need the externals resolved, especially when dealing with XSDs or WSDLs.

Or am I fooling myself, and perhaps .resolveExternals never applies when using XMLHTTPRequest (only DOM.Load() calls)?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Have you tried something like this?

    xmlhttp.responseXML.resolveExternals = true; 
xmlhttp.responseXML.setProperty("ProhibitDTD", false);

    The only thing is the solution may only work with MSXML XMLHTTP ActiveX object.

    Edit: here is a concrete sample with IE9:

    var xmlhttp = new ActiveXObject("MSXML2.XMLHTTP.6.0");
// var xmlhttp = new XMLHttpRequest();

xmlhttp.open("GET", "sample.xml", false);
xmlhttp.responseXML.async = false;
xmlhttp.responseXML.resolveExternals = true;
xmlhttp.responseXML.validateOnParse = false;
xmlhttp.responseXML.setProperty("ProhibitDTD", false);
xmlhttp.onreadystatechange = function() {
    if (xmlhttp.readystate == 4 && xmlhttp.status == 200) {
         alert(xmlhttp.responseXML.xml);
    }
}
xmlhttp.send();

    sample.xml

    <!DOCTYPE data SYSTEM "sample.dtd"><data>&ent;</data>

    sample.dtd

    <!ENTITY ent "Hello world!">

    If you run the above cod with IE9, you’ll successfully get the entity resolved. However, if you switch to the commented out XMLHttpRequest, you will fail.

    PS: I thought you were talking about scripting inside IE, and there is a Trident native component called XMLHttpRequest which is quite different from XmlHttp ActiveX component. However, if you are referring to IXMLHttpRequest COM interface residing in MSXML6.DLL, you can translate the above code into C++ with ease.

    • 0